US11153309B2ActiveUtilityA1

Multifactor authentication for internet-of-things devices

63
Assignee: AT & T MOBILITY II LLCPriority: Mar 13, 2018Filed: Mar 13, 2018Granted: Oct 19, 2021
Est. expiryMar 13, 2038(~11.7 yrs left)· nominal 20-yr term from priority
H04L 2463/082H04L 63/0823H04L 63/10H04L 63/0876
63
PatentIndex Score
1
Cited by
53
References
20
Claims

Abstract

Concepts and technologies are disclosed herein for multifactor authentication for Internet-of-things devices. An access request can be received from an Internet-of-things device. The access request can include identifying information associated with the Internet-of-things device and a certificate. The certificate can be validated and a stored version of the identifying information can be obtained. If the stored version of the identifying information is determined to match the identifying information included with the access request, access to a resource can be allowed.

Claims

exact text as granted — not AI-modified
The invention claimed is: 
     
       1. A system comprising a processor and a memory that stores computer-executable instructions that, when executed by the processor, cause the processor to perform operations comprising:
 receiving, at a computing device that hosts a resource and from an Internet-of-things device, an access request via which the Internet-of-things device requests access to the resource, wherein the access request comprises a header comprising an IP address that is associated with the Internet-of-things device, and a certificate that is used by the Internet-of-things device to encode the access request, wherein the certificate is issued to the Internet-of-things device in response to a security management platform receiving a registration request that requests registration of the Internet-of-things device for multifactor authentication; 
 sending, to the security management platform, a request to validate the certificate received with the access request; 
 receiving, from the security management platform, a decision that indicates if the certificate is validated by the security management platform; 
 if the decision indicates that the certificate is validated, 
 obtaining, from a gateway that assigned the IP address to the Internet-of-things device, a stored version of the IP address, 
 determining if the stored version of the IP address matches the IP address that was included in the header, and 
 in response to determining that the stored version of the IP address matches the IP address that was included in the header, allowing the Internet-of-things device to access the resource; and 
 if the decision indicates that the certificate is not validated by the security management platform, blocking the Internet-of-things device from accessing the resource. 
 
     
     
       2. The system of  claim 1 , wherein obtaining the stored version of the IP address comprises generating an application programming interface call that requests, from the gateway, the stored version of the IP address. 
     
     
       3. The system of  claim 1 , wherein the certificate is obtained by the Internet-of-things device via an over-the-air channel between the Internet-of-things device and a certificate authority that issues the certificate, and wherein the over-the-air channel is established to deliver updates to the Internet-of-things device. 
     
     
       4. The system of  claim 3 , wherein the certificate is issued to the Internet-of-things device by the certificate authority in response to the security management platform sending, to the certificate authority, a certificate request with the IP address of the Internet-of-things device. 
     
     
       5. The system of  claim 3 , wherein the over-the-air channel is used to obtain the certificate without establishing a new communication path. 
     
     
       6. The system of  claim 1 , wherein in response to receiving the registration request, the security management platform:
 obtains, from the gateway, the IP address assigned to the Internet-of-things device; and 
 requests, from a certificate authority, creation of the certificate and delivery of the certificate to the Internet-of-things device. 
 
     
     
       7. A method comprising:
 receiving, at a computing device that hosts a resource and from an Internet-of-things device, an access request via which the Internet-of-things device requests access to the resource, wherein the access request comprises a header comprising an IP address that is associated with the Internet-of-things device, and a certificate that is used by the Internet-of-things device to encode the access request, wherein the certificate is issued to the Internet-of-things device in response to a security management platform receiving a registration request that requests registration of the Internet-of-things device for multifactor authentication; 
 sending, by the computing device and to the security management platform, a request to validate the certificate received with the access request; 
 receiving, by the computing device and from the security management platform, a decision that indicates if the certificate is validated by the security management platform; 
 if the decision indicates that the certificate is validated, 
 obtaining, by the computing device and from a gateway that assigned the IP address to the Internet-of-things device, a stored version of the IP address, 
 determining, by the computing device, if the stored version of the IP address matches the IP address that was included in the header, and 
 in response to determining that the stored version of the IP address matches the IP address that was included in the header, allowing, by the computing device, the Internet-of-things device to access the resource; and 
 if the decision indicates that the certificate is not validated by the security management platform, blocking, by the computing device, the Internet-of-things device from accessing the resource. 
 
     
     
       8. The method of  claim 7 , wherein obtaining the stored version of the IP address comprises generating an application programming interface call that requests, from the gateway, the stored version of the IP address. 
     
     
       9. The method of  claim 7 , wherein the certificate is obtained by the Internet-of-things device from a certificate authority that issues the certificate, and wherein the certificate is obtained by the Internet-of-things device via an over-the-air channel between the Internet-of-things device and the certificate authority that issues the certificate. 
     
     
       10. The method of  claim 9 , wherein the certificate is issued to the Internet-of-things device by the certificate authority in response to the security management platform sending, to the certificate authority, a certificate request with the IP address of the Internet-of-things device. 
     
     
       11. The method of  claim 10 , wherein the multifactor authentication of the Internet-of-things device is accomplished automatically and without interaction by a user of the Internet-of-things device. 
     
     
       12. The method of  claim 9 , wherein the over-the-air channel is established to deliver updates to the Internet-of-things device. 
     
     
       13. The method of  claim 12 , wherein the over-the-air channel is used to obtain the certificate without establishing a new communication path. 
     
     
       14. The method of  claim 7 , wherein in response to receiving the registration request, the security management platform:
 obtains, from the gateway, the IP address assigned to the Internet-of-things device; and 
 requests, from a certificate authority, creation of the certificate and delivery of the certificate to the Internet-of-things device. 
 
     
     
       15. A computer storage medium having computer-executable instructions stored thereon that, when executed by a processor, cause the processor to perform operations comprising:
 receiving, at a computing device that hosts a resource and from an Internet-of-things device, an access request via which the Internet-of-things device requests access to the resource, wherein the access request comprises a header comprising an IP address that is associated with the Internet-of-things device, and a certificate that is used by the Internet-of-things device to encode the access request, wherein the certificate is issued to the Internet-of-things device in response to a security management platform receiving a registration request that requests registration of the Internet-of-things device for multifactor authentication; 
 sending, to the security management platform, a request to validate the certificate received with the access request; 
 receiving, from the security management platform, a decision that indicates if the certificate is validated by the security management platform; 
 if the decision indicates that the certificate is validated, 
 obtaining, from a gateway that assigned the IP address to the Internet-of-things device, a stored version of the IP address, 
 determining if the stored version of the IP address matches the IP address that was included in the header, and 
 in response to determining that the stored version of the IP address matches the IP address that was included in the header, allowing the Internet-of-things device to access the resource; and 
 if the decision indicates that the certificate is not validated by the security management platform, blocking the Internet-of-things device from accessing the resource. 
 
     
     
       16. The computer storage medium of  claim 15 , wherein obtaining the stored version of the IP address comprises generating an application programming interface call that requests, from the gateway, the stored version of the IP address. 
     
     
       17. The computer storage medium of  claim 15 , wherein the certificate is obtained by the Internet-of-things device via an over-the-air channel between the Internet-of-things device and a certificate authority that issues the certificate the over-the-air channel is established to deliver updates to the Internet-of-things device. 
     
     
       18. The computer storage medium of  claim 17 , wherein the certificate is issued by the certificate authority to the Internet-of-things device in response to the security management platform sending, to the certificate authority, a certificate request with the IP address of the Internet-of-things device. 
     
     
       19. The computer storage medium of  claim 17 ,
 wherein the over-the-air channel is used to obtain the certificate without establishing a new communication path. 
 
     
     
       20. The computer storage medium of  claim 15 , wherein in response to receiving the registration request, the security management platform:
 obtains, from the gateway, the IP address assigned to the Internet-of-things device, and 
 requests, from a certificate authority, creation of the certificate and delivery of the certificate to the Internet-of-things device.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.